2 * Copyright (c) 2011-2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief BFD nodes implementation
21 #include <openssl/sha.h>
25 #include <x86intrin.h>
28 #include <vppinfra/random.h>
29 #include <vppinfra/error.h>
30 #include <vppinfra/hash.h>
31 #include <vppinfra/xxhash.h>
32 #include <vnet/ethernet/ethernet.h>
33 #include <vnet/ethernet/packet.h>
34 #include <vnet/bfd/bfd_debug.h>
35 #include <vnet/bfd/bfd_protocol.h>
36 #include <vnet/bfd/bfd_main.h>
39 bfd_calc_echo_checksum (u32 discriminator, u64 expire_time, u32 secret)
43 checksum = _mm_crc32_u64 (0, discriminator);
44 checksum = _mm_crc32_u64 (checksum, expire_time);
45 checksum = _mm_crc32_u64 (checksum, secret);
47 checksum = clib_xxhash (discriminator ^ expire_time ^ secret);
53 bfd_usec_to_clocks (const bfd_main_t * bm, u64 us)
55 return bm->cpu_cps * ((f64) us / USEC_PER_SECOND);
59 bfd_clocks_to_usec (const bfd_main_t * bm, u64 clocks)
61 return (clocks / bm->cpu_cps) * USEC_PER_SECOND;
64 static vlib_node_registration_t bfd_process_node;
66 /* set to 0 here, real values filled at startup */
67 static u32 bfd_node_index_by_transport[] = {
68 #define F(t, n) [BFD_TRANSPORT_##t] = 0,
69 foreach_bfd_transport (F)
74 format_bfd_auth_key (u8 * s, va_list * args)
76 const bfd_auth_key_t *key = va_arg (*args, bfd_auth_key_t *);
79 s = format (s, "{auth-type=%u:%s, conf-key-id=%u, use-count=%u}, ",
80 key->auth_type, bfd_auth_type_str (key->auth_type),
81 key->conf_key_id, key->use_count);
85 s = format (s, "{none}");
91 * We actually send all bfd pkts to the "error" node after scanning
92 * them, so the graph node has only one next-index. The "error-drop"
93 * node automatically bumps our per-node packet counters for us.
97 BFD_INPUT_NEXT_NORMAL,
101 static void bfd_on_state_change (bfd_main_t * bm, bfd_session_t * bs, u64 now,
102 int handling_wakeup);
105 bfd_set_defaults (bfd_main_t * bm, bfd_session_t * bs)
107 bs->local_state = BFD_STATE_down;
108 bs->local_diag = BFD_DIAG_CODE_no_diag;
109 bs->remote_state = BFD_STATE_down;
110 bs->remote_discr = 0;
111 bs->config_desired_min_tx_usec = BFD_DEFAULT_DESIRED_MIN_TX_USEC;
112 bs->config_desired_min_tx_clocks = bm->default_desired_min_tx_clocks;
113 bs->effective_desired_min_tx_clocks = bm->default_desired_min_tx_clocks;
114 bs->remote_min_rx_usec = 1;
115 bs->remote_min_rx_clocks = bfd_usec_to_clocks (bm, bs->remote_min_rx_usec);
116 bs->remote_min_echo_rx_usec = 0;
117 bs->remote_min_echo_rx_clocks = 0;
118 bs->remote_demand = 0;
119 bs->auth.remote_seq_number = 0;
120 bs->auth.remote_seq_number_known = 0;
121 bs->auth.local_seq_number = random_u32 (&bm->random_seed);
122 bs->echo_secret = random_u32 (&bm->random_seed);
126 bfd_set_diag (bfd_session_t * bs, bfd_diag_code_e code)
128 if (bs->local_diag != code)
130 BFD_DBG ("set local_diag, bs_idx=%d: '%d:%s'", bs->bs_idx, code,
131 bfd_diag_code_string (code));
132 bs->local_diag = code;
137 bfd_set_state (bfd_main_t * bm, bfd_session_t * bs,
138 bfd_state_e new_state, int handling_wakeup)
140 if (bs->local_state != new_state)
142 BFD_DBG ("Change state, bs_idx=%d: %s->%s", bs->bs_idx,
143 bfd_state_string (bs->local_state),
144 bfd_state_string (new_state));
145 bs->local_state = new_state;
146 bfd_on_state_change (bm, bs, clib_cpu_time_now (), handling_wakeup);
151 bfd_poll_state_string (bfd_poll_state_e state)
157 return "BFD_POLL_" #x;
158 foreach_bfd_poll_state (F)
165 bfd_set_poll_state (bfd_session_t * bs, bfd_poll_state_e state)
167 if (bs->poll_state != state)
169 BFD_DBG ("Setting poll state=%s, bs_idx=%u",
170 bfd_poll_state_string (state), bs->bs_idx);
171 bs->poll_state = state;
176 bfd_recalc_tx_interval (bfd_main_t * bm, bfd_session_t * bs)
178 bs->transmit_interval_clocks =
179 clib_max (bs->effective_desired_min_tx_clocks, bs->remote_min_rx_clocks);
180 BFD_DBG ("Recalculated transmit interval " BFD_CLK_FMT,
181 BFD_CLK_PRN (bs->transmit_interval_clocks));
185 bfd_recalc_echo_tx_interval (bfd_main_t * bm, bfd_session_t * bs)
187 bs->echo_transmit_interval_clocks =
188 clib_max (bs->effective_desired_min_tx_clocks,
189 bs->remote_min_echo_rx_clocks);
190 BFD_DBG ("Recalculated echo transmit interval " BFD_CLK_FMT,
191 BFD_CLK_PRN (bs->echo_transmit_interval_clocks));
195 bfd_calc_next_tx (bfd_main_t * bm, bfd_session_t * bs, u64 now)
197 if (bs->local_detect_mult > 1)
199 /* common case - 75-100% of transmit interval */
200 bs->tx_timeout_clocks = bs->last_tx_clocks +
201 (1 - .25 * (random_f64 (&bm->random_seed))) *
202 bs->transmit_interval_clocks;
203 if (bs->tx_timeout_clocks < now)
206 * the timeout is in the past, which means that either remote
207 * demand mode was set or performance/clock issues ...
209 BFD_DBG ("Missed %lu transmit events (now is %lu, calc "
210 "tx_timeout is %lu)",
211 (now - bs->tx_timeout_clocks) /
212 bs->transmit_interval_clocks, now, bs->tx_timeout_clocks);
213 bs->tx_timeout_clocks = now;
218 /* special case - 75-90% of transmit interval */
219 bs->tx_timeout_clocks = bs->last_tx_clocks +
220 (.9 - .15 * (random_f64 (&bm->random_seed))) *
221 bs->transmit_interval_clocks;
222 if (bs->tx_timeout_clocks < now)
225 * the timeout is in the past, which means that either remote
226 * demand mode was set or performance/clock issues ...
228 BFD_DBG ("Missed %lu transmit events (now is %lu, calc "
229 "tx_timeout is %lu)",
230 (now - bs->tx_timeout_clocks) /
231 bs->transmit_interval_clocks, now, bs->tx_timeout_clocks);
232 bs->tx_timeout_clocks = now;
235 if (bs->tx_timeout_clocks)
237 BFD_DBG ("Next transmit in %lu clocks/%.02fs@%lu",
238 bs->tx_timeout_clocks - now,
239 (bs->tx_timeout_clocks - now) / bm->cpu_cps,
240 bs->tx_timeout_clocks);
245 bfd_calc_next_echo_tx (bfd_main_t * bm, bfd_session_t * bs, u64 now)
247 bs->echo_tx_timeout_clocks =
248 bs->echo_last_tx_clocks + bs->echo_transmit_interval_clocks;
249 if (bs->echo_tx_timeout_clocks < now)
251 /* huh, we've missed it already, transmit now */
252 BFD_DBG ("Missed %lu echo transmit events (now is %lu, calc tx_timeout "
254 (now - bs->echo_tx_timeout_clocks) /
255 bs->echo_transmit_interval_clocks,
256 now, bs->echo_tx_timeout_clocks);
257 bs->echo_tx_timeout_clocks = now;
259 BFD_DBG ("Next echo transmit in %lu clocks/%.02fs@%lu",
260 bs->echo_tx_timeout_clocks - now,
261 (bs->echo_tx_timeout_clocks - now) / bm->cpu_cps,
262 bs->echo_tx_timeout_clocks);
266 bfd_recalc_detection_time (bfd_main_t * bm, bfd_session_t * bs)
268 if (bs->local_state == BFD_STATE_init || bs->local_state == BFD_STATE_up)
270 bs->detection_time_clocks =
271 bs->remote_detect_mult *
272 clib_max (bs->effective_required_min_rx_clocks,
273 bs->remote_desired_min_tx_clocks);
274 BFD_DBG ("Recalculated detection time %lu clocks/%.2fs",
275 bs->detection_time_clocks,
276 bs->detection_time_clocks / bm->cpu_cps);
281 bfd_set_timer (bfd_main_t * bm, bfd_session_t * bs, u64 now,
287 if (BFD_STATE_up == bs->local_state)
289 rx_timeout = bs->last_rx_clocks + bs->detection_time_clocks;
291 if (BFD_STATE_up != bs->local_state ||
292 (!bs->remote_demand && bs->remote_min_rx_usec) ||
293 BFD_POLL_NOT_NEEDED != bs->poll_state)
295 tx_timeout = bs->tx_timeout_clocks;
297 if (tx_timeout && rx_timeout)
299 next = clib_min (tx_timeout, rx_timeout);
309 if (bs->echo && next > bs->echo_tx_timeout_clocks)
311 next = bs->echo_tx_timeout_clocks;
313 BFD_DBG ("bs_idx=%u, tx_timeout=%lu, echo_tx_timeout=%lu, rx_timeout=%lu, "
315 bs->bs_idx, tx_timeout, bs->echo_tx_timeout_clocks, rx_timeout,
317 ? "tx" : (next == bs->echo_tx_timeout_clocks ? "echo tx" : "rx"));
318 /* sometimes the wheel expires an event a bit sooner than requested, account
320 if (next && (now + bm->wheel_inaccuracy > bs->wheel_time_clocks ||
321 next < bs->wheel_time_clocks || !bs->wheel_time_clocks))
323 bs->wheel_time_clocks = next;
324 BFD_DBG ("timing_wheel_insert(%p, %lu (%ld clocks/%.2fs in the "
326 &bm->wheel, bs->wheel_time_clocks,
327 (i64) bs->wheel_time_clocks - clib_cpu_time_now (),
328 (i64) (bs->wheel_time_clocks - clib_cpu_time_now ()) /
329 bm->cpu_cps, bs->bs_idx);
330 timing_wheel_insert (&bm->wheel, bs->wheel_time_clocks, bs->bs_idx);
331 if (!handling_wakeup)
333 vlib_process_signal_event (bm->vlib_main,
334 bm->bfd_process_node_index,
335 BFD_EVENT_RESCHEDULE, bs->bs_idx);
341 bfd_set_effective_desired_min_tx (bfd_main_t * bm,
342 bfd_session_t * bs, u64 now,
343 u64 desired_min_tx_clocks)
345 bs->effective_desired_min_tx_clocks = desired_min_tx_clocks;
346 BFD_DBG ("Set effective desired min tx to " BFD_CLK_FMT,
347 BFD_CLK_PRN (bs->effective_desired_min_tx_clocks));
348 bfd_recalc_detection_time (bm, bs);
349 bfd_recalc_tx_interval (bm, bs);
350 bfd_recalc_echo_tx_interval (bm, bs);
351 bfd_calc_next_tx (bm, bs, now);
355 bfd_set_effective_required_min_rx (bfd_main_t * bm,
357 u64 required_min_rx_clocks)
359 bs->effective_required_min_rx_clocks = required_min_rx_clocks;
360 BFD_DBG ("Set effective required min rx to " BFD_CLK_FMT,
361 BFD_CLK_PRN (bs->effective_required_min_rx_clocks));
362 bfd_recalc_detection_time (bm, bs);
366 bfd_set_remote_required_min_rx (bfd_main_t * bm, bfd_session_t * bs,
367 u64 now, u32 remote_required_min_rx_usec)
369 if (bs->remote_min_rx_usec != remote_required_min_rx_usec)
371 bs->remote_min_rx_usec = remote_required_min_rx_usec;
372 bs->remote_min_rx_clocks =
373 bfd_usec_to_clocks (bm, remote_required_min_rx_usec);
374 BFD_DBG ("Set remote min rx to " BFD_CLK_FMT,
375 BFD_CLK_PRN (bs->remote_min_rx_clocks));
376 bfd_recalc_detection_time (bm, bs);
377 bfd_recalc_tx_interval (bm, bs);
382 bfd_set_remote_required_min_echo_rx (bfd_main_t * bm, bfd_session_t * bs,
384 u32 remote_required_min_echo_rx_usec)
386 if (bs->remote_min_echo_rx_usec != remote_required_min_echo_rx_usec)
388 bs->remote_min_echo_rx_usec = remote_required_min_echo_rx_usec;
389 bs->remote_min_echo_rx_clocks =
390 bfd_usec_to_clocks (bm, bs->remote_min_echo_rx_usec);
391 BFD_DBG ("Set remote min echo rx to " BFD_CLK_FMT,
392 BFD_CLK_PRN (bs->remote_min_echo_rx_clocks));
393 bfd_recalc_echo_tx_interval (bm, bs);
398 bfd_session_start (bfd_main_t * bm, bfd_session_t * bs)
400 BFD_DBG ("\nStarting session: %U", format_bfd_session, bs);
401 bfd_set_effective_required_min_rx (bm, bs,
402 bs->config_required_min_rx_clocks);
403 bfd_recalc_tx_interval (bm, bs);
404 vlib_process_signal_event (bm->vlib_main, bm->bfd_process_node_index,
405 BFD_EVENT_NEW_SESSION, bs->bs_idx);
409 bfd_session_set_flags (bfd_session_t * bs, u8 admin_up_down)
411 bfd_main_t *bm = &bfd_main;
412 u64 now = clib_cpu_time_now ();
415 BFD_DBG ("Session set admin-up, bs-idx=%u", bs->bs_idx);
416 bfd_set_state (bm, bs, BFD_STATE_down, 0);
417 bfd_set_diag (bs, BFD_DIAG_CODE_no_diag);
418 bfd_calc_next_tx (bm, bs, now);
419 bfd_set_timer (bm, bs, now, 0);
423 BFD_DBG ("Session set admin-down, bs-idx=%u", bs->bs_idx);
424 bfd_set_diag (bs, BFD_DIAG_CODE_admin_down);
425 bfd_set_state (bm, bs, BFD_STATE_admin_down, 0);
426 bfd_calc_next_tx (bm, bs, now);
427 bfd_set_timer (bm, bs, now, 0);
432 bfd_input_format_trace (u8 * s, va_list * args)
434 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
435 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
436 const bfd_input_trace_t *t = va_arg (*args, bfd_input_trace_t *);
437 const bfd_pkt_t *pkt = (bfd_pkt_t *) t->data;
438 if (t->len > STRUCT_SIZE_OF (bfd_pkt_t, head))
440 s = format (s, "BFD v%u, diag=%u(%s), state=%u(%s),\n"
441 " flags=(P:%u, F:%u, C:%u, A:%u, D:%u, M:%u), "
442 "detect_mult=%u, length=%u\n",
443 bfd_pkt_get_version (pkt), bfd_pkt_get_diag_code (pkt),
444 bfd_diag_code_string (bfd_pkt_get_diag_code (pkt)),
445 bfd_pkt_get_state (pkt),
446 bfd_state_string (bfd_pkt_get_state (pkt)),
447 bfd_pkt_get_poll (pkt), bfd_pkt_get_final (pkt),
448 bfd_pkt_get_control_plane_independent (pkt),
449 bfd_pkt_get_auth_present (pkt), bfd_pkt_get_demand (pkt),
450 bfd_pkt_get_multipoint (pkt), pkt->head.detect_mult,
452 if (t->len >= sizeof (bfd_pkt_t) &&
453 pkt->head.length >= sizeof (bfd_pkt_t))
455 s = format (s, " my discriminator: %u\n",
456 clib_net_to_host_u32 (pkt->my_disc));
457 s = format (s, " your discriminator: %u\n",
458 clib_net_to_host_u32 (pkt->your_disc));
459 s = format (s, " desired min tx interval: %u\n",
460 clib_net_to_host_u32 (pkt->des_min_tx));
461 s = format (s, " required min rx interval: %u\n",
462 clib_net_to_host_u32 (pkt->req_min_rx));
463 s = format (s, " required min echo rx interval: %u",
464 clib_net_to_host_u32 (pkt->req_min_echo_rx));
466 if (t->len >= sizeof (bfd_pkt_with_common_auth_t) &&
467 pkt->head.length >= sizeof (bfd_pkt_with_common_auth_t) &&
468 bfd_pkt_get_auth_present (pkt))
470 const bfd_pkt_with_common_auth_t *with_auth = (void *) pkt;
471 const bfd_auth_common_t *common = &with_auth->common_auth;
472 s = format (s, "\n auth len: %u\n", common->len);
473 s = format (s, " auth type: %u:%s\n", common->type,
474 bfd_auth_type_str (common->type));
475 if (t->len >= sizeof (bfd_pkt_with_sha1_auth_t) &&
476 pkt->head.length >= sizeof (bfd_pkt_with_sha1_auth_t) &&
477 (BFD_AUTH_TYPE_keyed_sha1 == common->type ||
478 BFD_AUTH_TYPE_meticulous_keyed_sha1 == common->type))
480 const bfd_pkt_with_sha1_auth_t *with_sha1 = (void *) pkt;
481 const bfd_auth_sha1_t *sha1 = &with_sha1->sha1_auth;
482 s = format (s, " seq num: %u\n",
483 clib_net_to_host_u32 (sha1->seq_num));
484 s = format (s, " key id: %u\n", sha1->key_id);
485 s = format (s, " hash: %U", format_hex_bytes, sha1->hash,
486 sizeof (sha1->hash));
491 s = format (s, "\n");
499 bfd_on_state_change (bfd_main_t * bm, bfd_session_t * bs, u64 now,
502 BFD_DBG ("\nState changed: %U", format_bfd_session, bs);
504 switch (bs->local_state)
506 case BFD_STATE_admin_down:
508 bfd_set_effective_desired_min_tx (bm, bs, now,
510 (bs->config_desired_min_tx_clocks,
511 bm->default_desired_min_tx_clocks));
512 bfd_set_effective_required_min_rx (bm, bs,
513 bs->config_required_min_rx_clocks);
514 bfd_set_timer (bm, bs, now, handling_wakeup);
518 bfd_set_effective_desired_min_tx (bm, bs, now,
520 (bs->config_desired_min_tx_clocks,
521 bm->default_desired_min_tx_clocks));
522 bfd_set_effective_required_min_rx (bm, bs,
523 bs->config_required_min_rx_clocks);
524 bfd_set_timer (bm, bs, now, handling_wakeup);
528 bfd_set_effective_desired_min_tx (bm, bs, now,
529 bs->config_desired_min_tx_clocks);
530 bfd_set_timer (bm, bs, now, handling_wakeup);
533 bfd_set_effective_desired_min_tx (bm, bs, now,
534 bs->config_desired_min_tx_clocks);
535 if (BFD_POLL_NOT_NEEDED == bs->poll_state)
537 bfd_set_effective_required_min_rx (bm, bs,
538 bs->config_required_min_rx_clocks);
540 bfd_set_timer (bm, bs, now, handling_wakeup);
546 bfd_on_config_change (vlib_main_t * vm, vlib_node_runtime_t * rt,
547 bfd_main_t * bm, bfd_session_t * bs, u64 now)
550 * if remote demand mode is set and we need to do a poll, set the next
551 * timeout so that the session wakes up immediately
553 if (bs->remote_demand && BFD_POLL_NEEDED == bs->poll_state &&
554 bs->poll_state_start_or_timeout_clocks < now)
556 bs->tx_timeout_clocks = now;
558 bfd_recalc_detection_time (bm, bs);
559 bfd_set_timer (bm, bs, now, 0);
563 bfd_add_transport_layer (vlib_main_t * vm, vlib_buffer_t * b,
566 switch (bs->transport)
568 case BFD_TRANSPORT_UDP4:
569 BFD_DBG ("Transport bfd via udp4, bs_idx=%u", bs->bs_idx);
570 bfd_add_udp4_transport (vm, b, bs, 0 /* is_echo */ );
572 case BFD_TRANSPORT_UDP6:
573 BFD_DBG ("Transport bfd via udp6, bs_idx=%u", bs->bs_idx);
574 bfd_add_udp6_transport (vm, b, bs, 0 /* is_echo */ );
580 bfd_echo_add_transport_layer (vlib_main_t * vm, vlib_buffer_t * b,
583 switch (bs->transport)
585 case BFD_TRANSPORT_UDP4:
586 BFD_DBG ("Transport bfd echo via udp4, bs_idx=%u", bs->bs_idx);
587 return bfd_add_udp4_transport (vm, b, bs, 1 /* is_echo */ );
589 case BFD_TRANSPORT_UDP6:
590 BFD_DBG ("Transport bfd echo via udp6, bs_idx=%u", bs->bs_idx);
591 return bfd_add_udp6_transport (vm, b, bs, 1 /* is_echo */ );
598 bfd_create_frame_to_next_node (vlib_main_t * vm, bfd_session_t * bs, u32 bi)
602 vlib_get_frame_to_node (vm, bfd_node_index_by_transport[bs->transport]);
604 u32 *to_next = vlib_frame_vector_args (f);
607 vlib_put_frame_to_node (vm, bfd_node_index_by_transport[bs->transport], f);
612 bfd_add_sha1_auth_section (vlib_buffer_t * b, bfd_session_t * bs)
614 bfd_pkt_with_sha1_auth_t *pkt = vlib_buffer_get_current (b);
615 bfd_auth_sha1_t *auth = &pkt->sha1_auth;
616 b->current_length += sizeof (*auth);
617 pkt->pkt.head.length += sizeof (*auth);
618 bfd_pkt_set_auth_present (&pkt->pkt);
619 memset (auth, 0, sizeof (*auth));
620 auth->type_len.type = bs->auth.curr_key->auth_type;
622 * only meticulous authentication types require incrementing seq number
623 * for every message, but doing so doesn't violate the RFC
625 ++bs->auth.local_seq_number;
626 auth->type_len.len = sizeof (bfd_auth_sha1_t);
627 auth->key_id = bs->auth.curr_bfd_key_id;
628 auth->seq_num = clib_host_to_net_u32 (bs->auth.local_seq_number);
630 * first copy the password into the packet, then calculate the hash
631 * and finally replace the password with the calculated hash
633 clib_memcpy (auth->hash, bs->auth.curr_key->key,
634 sizeof (bs->auth.curr_key->key));
635 unsigned char hash[sizeof (auth->hash)];
636 SHA1 ((unsigned char *) pkt, sizeof (*pkt), hash);
637 BFD_DBG ("hashing: %U", format_hex_bytes, pkt, sizeof (*pkt));
638 clib_memcpy (auth->hash, hash, sizeof (hash));
643 bfd_add_auth_section (vlib_buffer_t * b, bfd_session_t * bs)
645 if (bs->auth.curr_key)
647 const bfd_auth_type_e auth_type = bs->auth.curr_key->auth_type;
650 case BFD_AUTH_TYPE_reserved:
652 case BFD_AUTH_TYPE_simple_password:
654 case BFD_AUTH_TYPE_keyed_md5:
656 case BFD_AUTH_TYPE_meticulous_keyed_md5:
657 clib_warning ("Internal error, unexpected BFD auth type '%d'",
661 case BFD_AUTH_TYPE_keyed_sha1:
663 case BFD_AUTH_TYPE_meticulous_keyed_sha1:
664 bfd_add_sha1_auth_section (b, bs);
667 case BFD_AUTH_TYPE_keyed_sha1:
669 case BFD_AUTH_TYPE_meticulous_keyed_sha1:
670 clib_warning ("Internal error, unexpected BFD auth type '%d'",
679 bfd_is_echo_possible (bfd_session_t * bs)
681 if (BFD_STATE_up == bs->local_state && BFD_STATE_up == bs->remote_state &&
682 bs->remote_min_echo_rx_usec > 0)
684 switch (bs->transport)
686 case BFD_TRANSPORT_UDP4:
687 return bfd_udp_is_echo_available (BFD_TRANSPORT_UDP4);
688 case BFD_TRANSPORT_UDP6:
689 return bfd_udp_is_echo_available (BFD_TRANSPORT_UDP6);
696 bfd_init_control_frame (bfd_main_t * bm, bfd_session_t * bs,
699 bfd_pkt_t *pkt = vlib_buffer_get_current (b);
701 bfd_length = sizeof (bfd_pkt_t);
702 memset (pkt, 0, sizeof (*pkt));
703 bfd_pkt_set_version (pkt, 1);
704 bfd_pkt_set_diag_code (pkt, bs->local_diag);
705 bfd_pkt_set_state (pkt, bs->local_state);
706 pkt->head.detect_mult = bs->local_detect_mult;
707 pkt->head.length = clib_host_to_net_u32 (bfd_length);
708 pkt->my_disc = bs->local_discr;
709 pkt->your_disc = bs->remote_discr;
710 pkt->des_min_tx = clib_host_to_net_u32 (bs->config_desired_min_tx_usec);
714 clib_host_to_net_u32 (bfd_clocks_to_usec
715 (bm, bs->effective_required_min_rx_clocks));
720 clib_host_to_net_u32 (bs->config_required_min_rx_usec);
722 pkt->req_min_echo_rx = clib_host_to_net_u32 (1);
723 b->current_length = bfd_length;
727 bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt,
728 bfd_main_t * bm, bfd_session_t * bs, u64 now,
731 if (!bfd_is_echo_possible (bs))
733 BFD_DBG ("\nSwitching off echo function: %U", format_bfd_session, bs);
737 /* sometimes the wheel expires an event a bit sooner than requested, account
739 if (now + bm->wheel_inaccuracy >= bs->echo_tx_timeout_clocks)
741 BFD_DBG ("\nSending echo packet: %U", format_bfd_session, bs);
743 if (vlib_buffer_alloc (vm, &bi, 1) != 1)
745 clib_warning ("buffer allocation failure");
748 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
749 ASSERT (b->current_data == 0);
750 bfd_echo_pkt_t *pkt = vlib_buffer_get_current (b);
751 memset (pkt, 0, sizeof (*pkt));
752 pkt->discriminator = bs->local_discr;
753 pkt->expire_time_clocks =
754 now + bs->echo_transmit_interval_clocks * bs->local_detect_mult;
756 bfd_calc_echo_checksum (bs->local_discr, pkt->expire_time_clocks,
758 b->current_length = sizeof (*pkt);
759 if (!bfd_echo_add_transport_layer (vm, b, bs))
761 BFD_ERR ("cannot send echo packet out, turning echo off");
763 vlib_buffer_free_one (vm, bi);
766 bs->echo_last_tx_clocks = now;
767 bfd_calc_next_echo_tx (bm, bs, now);
768 bfd_create_frame_to_next_node (vm, bs, bi);
773 ("No need to send echo packet now, now is %lu, tx_timeout is %lu",
774 now, bs->echo_tx_timeout_clocks);
779 bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt,
780 bfd_main_t * bm, bfd_session_t * bs, u64 now,
783 if (!bs->remote_min_rx_usec && BFD_POLL_NOT_NEEDED == bs->poll_state)
785 BFD_DBG ("Remote min rx interval is zero, not sending periodic control "
789 if (BFD_POLL_NOT_NEEDED == bs->poll_state && bs->remote_demand &&
790 BFD_STATE_up == bs->local_state && BFD_STATE_up == bs->remote_state)
793 * A system MUST NOT periodically transmit BFD Control packets if Demand
794 * mode is active on the remote system (bfd.RemoteDemandMode is 1,
795 * bfd.SessionState is Up, and bfd.RemoteSessionState is Up) and a Poll
796 * Sequence is not being transmitted.
798 BFD_DBG ("Remote demand is set, not sending periodic control frame");
801 /* sometimes the wheel expires an event a bit sooner than requested, account
803 if (now + bm->wheel_inaccuracy >= bs->tx_timeout_clocks)
805 BFD_DBG ("\nSending periodic control frame: %U", format_bfd_session,
808 if (vlib_buffer_alloc (vm, &bi, 1) != 1)
810 clib_warning ("buffer allocation failure");
813 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
814 ASSERT (b->current_data == 0);
815 bfd_init_control_frame (bm, bs, b);
816 switch (bs->poll_state)
818 case BFD_POLL_NEEDED:
819 if (now < bs->poll_state_start_or_timeout_clocks)
821 BFD_DBG ("Cannot start a poll sequence yet, need to wait "
823 BFD_CLK_PRN (bs->poll_state_start_or_timeout_clocks -
827 bs->poll_state_start_or_timeout_clocks = now;
828 bfd_set_poll_state (bs, BFD_POLL_IN_PROGRESS);
830 case BFD_POLL_IN_PROGRESS:
831 case BFD_POLL_IN_PROGRESS_AND_QUEUED:
832 bfd_pkt_set_poll (vlib_buffer_get_current (b));
833 BFD_DBG ("Setting poll bit in packet, bs_idx=%u", bs->bs_idx);
835 case BFD_POLL_NOT_NEEDED:
839 bfd_add_auth_section (b, bs);
840 bfd_add_transport_layer (vm, b, bs);
841 bs->last_tx_clocks = now;
842 bfd_calc_next_tx (bm, bs, now);
843 bfd_create_frame_to_next_node (vm, bs, bi);
848 ("No need to send control frame now, now is %lu, tx_timeout is %lu",
849 now, bs->tx_timeout_clocks);
854 bfd_init_final_control_frame (vlib_main_t * vm, vlib_buffer_t * b,
855 bfd_main_t * bm, bfd_session_t * bs)
857 BFD_DBG ("Send final control frame for bs_idx=%lu", bs->bs_idx);
858 bfd_init_control_frame (bm, bs, b);
859 bfd_pkt_set_final (vlib_buffer_get_current (b));
860 bfd_add_auth_section (b, bs);
861 bfd_add_transport_layer (vm, b, bs);
862 bs->last_tx_clocks = clib_cpu_time_now ();
864 * RFC allows to include changes in final frame, so if there were any
865 * pending, we already did that, thus we can clear any pending poll needs
867 bfd_set_poll_state (bs, BFD_POLL_NOT_NEEDED);
871 bfd_check_rx_timeout (bfd_main_t * bm, bfd_session_t * bs, u64 now,
874 /* sometimes the wheel expires an event a bit sooner than requested, account
876 if (bs->last_rx_clocks + bs->detection_time_clocks <=
877 now + bm->wheel_inaccuracy)
879 BFD_DBG ("Rx timeout, session goes down");
880 bfd_set_diag (bs, BFD_DIAG_CODE_det_time_exp);
881 bfd_set_state (bm, bs, BFD_STATE_down, handling_wakeup);
883 * If the remote system does not receive any
884 * BFD Control packets for a Detection Time, it SHOULD reset
885 * bfd.RemoteMinRxInterval to its initial value of 1 (per section 6.8.1,
886 * since it is no longer required to maintain previous session state)
887 * and then can transmit at its own rate.
889 bfd_set_remote_required_min_rx (bm, bs, now, 1);
892 bs->echo_last_rx_clocks +
893 bs->echo_transmit_interval_clocks * bs->local_detect_mult <=
894 now + bm->wheel_inaccuracy)
896 BFD_DBG ("Echo rx timeout, session goes down");
897 bfd_set_diag (bs, BFD_DIAG_CODE_echo_failed);
898 bfd_set_state (bm, bs, BFD_STATE_down, handling_wakeup);
903 bfd_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * rt, bfd_main_t * bm,
904 bfd_session_t * bs, u64 now)
906 BFD_DBG ("Timeout for bs_idx=%lu", bs->bs_idx);
907 switch (bs->local_state)
909 case BFD_STATE_admin_down:
910 bfd_send_periodic (vm, rt, bm, bs, now, 1);
913 bfd_send_periodic (vm, rt, bm, bs, now, 1);
916 bfd_check_rx_timeout (bm, bs, now, 1);
917 bfd_send_periodic (vm, rt, bm, bs, now, 1);
920 bfd_check_rx_timeout (bm, bs, now, 1);
921 if (BFD_POLL_NOT_NEEDED == bs->poll_state && !bs->echo &&
922 bfd_is_echo_possible (bs))
924 /* switch on echo function as main detection method now */
925 BFD_DBG ("Switching on echo function, bs_idx=%u", bs->bs_idx);
927 bs->echo_last_rx_clocks = now;
928 bs->echo_tx_timeout_clocks = now;
929 bfd_set_effective_required_min_rx (bm, bs,
931 (bm->min_required_min_rx_while_echo_clocks,
932 bs->config_required_min_rx_clocks));
933 bfd_set_poll_state (bs, BFD_POLL_NEEDED);
935 bfd_send_periodic (vm, rt, bm, bs, now, 1);
938 bfd_send_echo (vm, rt, bm, bs, now, 1);
945 * bfd process node function
948 bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
950 bfd_main_t *bm = &bfd_main;
952 uword event_type, *event_data = 0;
954 /* So we can send events to the bfd process */
955 bm->bfd_process_node_index = bfd_process_node.index;
959 u64 now = clib_cpu_time_now ();
960 u64 next_expire = timing_wheel_next_expiring_elt_time (&bm->wheel);
961 BFD_DBG ("timing_wheel_next_expiring_elt_time(%p) returns %lu",
962 &bm->wheel, next_expire);
963 if ((i64) next_expire < 0)
965 BFD_DBG ("wait for event without timeout");
966 (void) vlib_process_wait_for_event (vm);
967 event_type = vlib_process_get_events (vm, &event_data);
971 f64 timeout = ((i64) next_expire - (i64) now) / bm->cpu_cps;
972 BFD_DBG ("wait for event with timeout %.02f", timeout);
975 BFD_DBG ("negative timeout, already expired, skipping wait");
980 (void) vlib_process_wait_for_event_or_clock (vm, timeout);
981 event_type = vlib_process_get_events (vm, &event_data);
984 now = clib_cpu_time_now ();
987 case ~0: /* no events => timeout */
988 /* nothing to do here */
990 case BFD_EVENT_RESCHEDULE:
991 /* nothing to do here - reschedule is done automatically after
992 * each event or timeout */
994 case BFD_EVENT_NEW_SESSION:
995 if (!pool_is_free_index (bm->sessions, *event_data))
998 pool_elt_at_index (bm->sessions, *event_data);
999 bfd_send_periodic (vm, rt, bm, bs, now, 1);
1003 BFD_DBG ("Ignoring event for non-existent session index %u",
1004 (u32) * event_data);
1007 case BFD_EVENT_CONFIG_CHANGED:
1008 if (!pool_is_free_index (bm->sessions, *event_data))
1011 pool_elt_at_index (bm->sessions, *event_data);
1012 bfd_on_config_change (vm, rt, bm, bs, now);
1016 BFD_DBG ("Ignoring event for non-existent session index %u",
1017 (u32) * event_data);
1021 clib_warning ("BUG: event type 0x%wx", event_type);
1024 BFD_DBG ("advancing wheel, now is %lu", now);
1025 BFD_DBG ("timing_wheel_advance (%p, %lu, %p, 0);", &bm->wheel, now,
1027 expired = timing_wheel_advance (&bm->wheel, now, expired, 0);
1028 BFD_DBG ("Expired %d elements", vec_len (expired));
1030 vec_foreach (p, expired)
1032 const u32 bs_idx = *p;
1033 if (!pool_is_free_index (bm->sessions, bs_idx))
1035 bfd_session_t *bs = pool_elt_at_index (bm->sessions, bs_idx);
1036 bfd_on_timeout (vm, rt, bm, bs, now);
1037 bfd_set_timer (bm, bs, now, 1);
1042 _vec_len (expired) = 0;
1046 _vec_len (event_data) = 0;
1054 * bfd process node declaration
1057 VLIB_REGISTER_NODE (bfd_process_node, static) = {
1058 .function = bfd_process,
1059 .type = VLIB_NODE_TYPE_PROCESS,
1060 .name = "bfd-process",
1066 static clib_error_t *
1067 bfd_sw_interface_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
1069 // bfd_main_t *bm = &bfd_main;
1070 // vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
1071 if (!(flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
1078 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (bfd_sw_interface_up_down);
1080 static clib_error_t *
1081 bfd_hw_interface_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
1083 // bfd_main_t *bm = &bfd_main;
1084 if (flags & VNET_HW_INTERFACE_FLAG_LINK_UP)
1091 VNET_HW_INTERFACE_LINK_UP_DOWN_FUNCTION (bfd_hw_interface_up_down);
1096 static clib_error_t *
1097 bfd_main_init (vlib_main_t * vm)
1100 setbuf (stdout, NULL);
1102 bfd_main_t *bm = &bfd_main;
1103 bm->random_seed = random_default_seed ();
1105 bm->vnet_main = vnet_get_main ();
1106 memset (&bm->wheel, 0, sizeof (bm->wheel));
1107 bm->cpu_cps = vm->clib_time.clocks_per_second;
1108 BFD_DBG ("cps is %.2f", bm->cpu_cps);
1109 bm->default_desired_min_tx_clocks =
1110 bfd_usec_to_clocks (bm, BFD_DEFAULT_DESIRED_MIN_TX_USEC);
1111 bm->min_required_min_rx_while_echo_clocks =
1112 bfd_usec_to_clocks (bm, BFD_REQUIRED_MIN_RX_USEC_WHILE_ECHO);
1113 const u64 now = clib_cpu_time_now ();
1114 timing_wheel_init (&bm->wheel, now, bm->cpu_cps);
1115 bm->wheel_inaccuracy = 2 << bm->wheel.log2_clocks_per_bin;
1117 vlib_node_t *node = NULL;
1119 node = vlib_get_node_by_name (vm, (u8 *)n); \
1120 bfd_node_index_by_transport[BFD_TRANSPORT_##t] = node->index; \
1121 BFD_DBG ("node '%s' has index %u", n, node->index);
1122 foreach_bfd_transport (F);
1127 VLIB_INIT_FUNCTION (bfd_main_init);
1130 bfd_get_session (bfd_main_t * bm, bfd_transport_e t)
1132 bfd_session_t *result;
1133 pool_get (bm->sessions, result);
1134 memset (result, 0, sizeof (*result));
1135 result->bs_idx = result - bm->sessions;
1136 result->transport = t;
1137 const unsigned limit = 1000;
1138 unsigned counter = 0;
1141 result->local_discr = random_u32 (&bm->random_seed);
1142 if (counter > limit)
1144 clib_warning ("Couldn't allocate unused session discriminator even "
1145 "after %u tries!", limit);
1146 pool_put (bm->sessions, result);
1151 while (hash_get (bm->session_by_disc, result->local_discr));
1152 bfd_set_defaults (bm, result);
1153 hash_set (bm->session_by_disc, result->local_discr, result->bs_idx);
1158 bfd_put_session (bfd_main_t * bm, bfd_session_t * bs)
1160 if (bs->auth.curr_key)
1162 --bs->auth.curr_key->use_count;
1164 if (bs->auth.next_key)
1166 --bs->auth.next_key->use_count;
1168 hash_unset (bm->session_by_disc, bs->local_discr);
1169 pool_put (bm->sessions, bs);
1173 bfd_find_session_by_idx (bfd_main_t * bm, uword bs_idx)
1175 if (!pool_is_free_index (bm->sessions, bs_idx))
1177 return pool_elt_at_index (bm->sessions, bs_idx);
1183 bfd_find_session_by_disc (bfd_main_t * bm, u32 disc)
1185 uword *p = hash_get (bfd_main.session_by_disc, disc);
1188 return pool_elt_at_index (bfd_main.sessions, *p);
1194 * @brief verify bfd packet - common checks
1198 * @return 1 if bfd packet is valid
1201 bfd_verify_pkt_common (const bfd_pkt_t * pkt)
1203 if (1 != bfd_pkt_get_version (pkt))
1205 BFD_ERR ("BFD verification failed - unexpected version: '%d'",
1206 bfd_pkt_get_version (pkt));
1209 if (pkt->head.length < sizeof (bfd_pkt_t) ||
1210 (bfd_pkt_get_auth_present (pkt) &&
1211 pkt->head.length < sizeof (bfd_pkt_with_common_auth_t)))
1213 BFD_ERR ("BFD verification failed - unexpected length: '%d' (auth "
1215 pkt->head.length, bfd_pkt_get_auth_present (pkt));
1218 if (!pkt->head.detect_mult)
1220 BFD_ERR ("BFD verification failed - unexpected detect-mult: '%d'",
1221 pkt->head.detect_mult);
1224 if (bfd_pkt_get_multipoint (pkt))
1226 BFD_ERR ("BFD verification failed - unexpected multipoint: '%d'",
1227 bfd_pkt_get_multipoint (pkt));
1232 BFD_ERR ("BFD verification failed - unexpected my-disc: '%d'",
1236 if (!pkt->your_disc)
1238 const u8 pkt_state = bfd_pkt_get_state (pkt);
1239 if (pkt_state != BFD_STATE_down && pkt_state != BFD_STATE_admin_down)
1241 BFD_ERR ("BFD verification failed - unexpected state: '%s' "
1242 "(your-disc is zero)", bfd_state_string (pkt_state));
1250 bfd_session_switch_auth_to_next (bfd_session_t * bs)
1252 BFD_DBG ("Switching authentication key from %U to %U for bs_idx=%u",
1253 format_bfd_auth_key, bs->auth.curr_key, format_bfd_auth_key,
1254 bs->auth.next_key, bs->bs_idx);
1255 bs->auth.is_delayed = 0;
1256 if (bs->auth.curr_key)
1258 --bs->auth.curr_key->use_count;
1260 bs->auth.curr_key = bs->auth.next_key;
1261 bs->auth.next_key = NULL;
1262 bs->auth.curr_bfd_key_id = bs->auth.next_bfd_key_id;
1266 bfd_auth_type_is_meticulous (bfd_auth_type_e auth_type)
1268 if (BFD_AUTH_TYPE_meticulous_keyed_md5 == auth_type ||
1269 BFD_AUTH_TYPE_meticulous_keyed_sha1 == auth_type)
1277 bfd_verify_pkt_auth_seq_num (bfd_session_t * bs,
1278 u32 received_seq_num, int is_meticulous)
1283 * This variable MUST be set to zero after no packets have been
1284 * received on this session for at least twice the Detection Time.
1286 u64 now = clib_cpu_time_now ();
1287 if (now - bs->last_rx_clocks > bs->detection_time_clocks * 2)
1289 BFD_DBG ("BFD peer unresponsive for %lu clocks, which is > 2 * "
1290 "detection_time=%u clocks, resetting remote_seq_number_known "
1292 now - bs->last_rx_clocks, bs->detection_time_clocks * 2);
1293 bs->auth.remote_seq_number_known = 0;
1295 if (bs->auth.remote_seq_number_known)
1297 /* remote sequence number is known, verify its validity */
1298 const u32 max_u32 = 0xffffffff;
1299 /* the calculation might wrap, account for the special case... */
1300 if (bs->auth.remote_seq_number > max_u32 - 3 * bs->local_detect_mult)
1306 * |----------+----------------------------+-----------|
1308 * | remote_seq_num------+
1310 * +-----(remote_seq_num + 3*detect_mult) % * 0xffffffff
1312 * x + y + z = 0xffffffff
1313 * x + z = 3 * detect_mult
1315 const u32 z = max_u32 - bs->auth.remote_seq_number;
1316 const u32 x = 3 * bs->local_detect_mult - z;
1317 if (received_seq_num > x &&
1318 received_seq_num < bs->auth.remote_seq_number + is_meticulous)
1321 ("Recvd sequence number=%u out of ranges <0, %u>, <%u, %u>",
1322 received_seq_num, x,
1323 bs->auth.remote_seq_number + is_meticulous, max_u32);
1330 const u32 min = bs->auth.remote_seq_number + is_meticulous;
1332 bs->auth.remote_seq_number + 3 * bs->local_detect_mult;
1333 if (received_seq_num < min || received_seq_num > max)
1335 BFD_ERR ("Recvd sequence number=%u out of range <%u, %u>",
1336 received_seq_num, min, max);
1345 bfd_verify_pkt_auth_key_sha1 (const bfd_pkt_t * pkt, u32 pkt_size,
1346 bfd_session_t * bs, u8 bfd_key_id,
1347 bfd_auth_key_t * auth_key)
1349 ASSERT (auth_key->auth_type == BFD_AUTH_TYPE_keyed_sha1 ||
1350 auth_key->auth_type == BFD_AUTH_TYPE_meticulous_keyed_sha1);
1352 u8 result[SHA_DIGEST_LENGTH];
1353 bfd_pkt_with_common_auth_t *with_common = (void *) pkt;
1354 if (pkt_size < sizeof (*with_common))
1356 BFD_ERR ("Packet size too small to hold authentication common header");
1359 if (with_common->common_auth.type != auth_key->auth_type)
1361 BFD_ERR ("BFD auth type mismatch, packet auth=%d:%s doesn't match "
1362 "in-use auth=%d:%s",
1363 with_common->common_auth.type,
1364 bfd_auth_type_str (with_common->common_auth.type),
1365 auth_key->auth_type, bfd_auth_type_str (auth_key->auth_type));
1368 bfd_pkt_with_sha1_auth_t *with_sha1 = (void *) pkt;
1369 if (pkt_size < sizeof (*with_sha1) ||
1370 with_sha1->sha1_auth.type_len.len < sizeof (with_sha1->sha1_auth))
1373 ("BFD size mismatch, payload size=%u, expected=%u, auth_len=%u, "
1374 "expected=%u", pkt_size, sizeof (*with_sha1),
1375 with_sha1->sha1_auth.type_len.len, sizeof (with_sha1->sha1_auth));
1378 if (with_sha1->sha1_auth.key_id != bfd_key_id)
1381 ("BFD key ID mismatch, packet key ID=%u doesn't match key ID=%u%s",
1382 with_sha1->sha1_auth.key_id, bfd_key_id,
1384 auth.is_delayed ? " (but a delayed auth change is scheduled)" : "");
1388 if (!SHA1_Init (&ctx))
1390 BFD_ERR ("SHA1_Init failed");
1393 /* ignore last 20 bytes - use the actual key data instead pkt data */
1394 if (!SHA1_Update (&ctx, with_sha1,
1395 sizeof (*with_sha1) - sizeof (with_sha1->sha1_auth.hash)))
1397 BFD_ERR ("SHA1_Update failed");
1400 if (!SHA1_Update (&ctx, auth_key->key, sizeof (auth_key->key)))
1402 BFD_ERR ("SHA1_Update failed");
1405 if (!SHA1_Final (result, &ctx))
1407 BFD_ERR ("SHA1_Final failed");
1410 if (0 == memcmp (result, with_sha1->sha1_auth.hash, SHA_DIGEST_LENGTH))
1414 BFD_ERR ("SHA1 hash: %U doesn't match the expected value: %U",
1415 format_hex_bytes, with_sha1->sha1_auth.hash, SHA_DIGEST_LENGTH,
1416 format_hex_bytes, result, SHA_DIGEST_LENGTH);
1421 bfd_verify_pkt_auth_key (const bfd_pkt_t * pkt, u32 pkt_size,
1422 bfd_session_t * bs, u8 bfd_key_id,
1423 bfd_auth_key_t * auth_key)
1425 switch (auth_key->auth_type)
1427 case BFD_AUTH_TYPE_reserved:
1428 clib_warning ("Internal error, unexpected auth_type=%d:%s",
1429 auth_key->auth_type,
1430 bfd_auth_type_str (auth_key->auth_type));
1432 case BFD_AUTH_TYPE_simple_password:
1434 ("Internal error, not implemented, unexpected auth_type=%d:%s",
1435 auth_key->auth_type, bfd_auth_type_str (auth_key->auth_type));
1437 case BFD_AUTH_TYPE_keyed_md5:
1439 case BFD_AUTH_TYPE_meticulous_keyed_md5:
1441 ("Internal error, not implemented, unexpected auth_type=%d:%s",
1442 auth_key->auth_type, bfd_auth_type_str (auth_key->auth_type));
1444 case BFD_AUTH_TYPE_keyed_sha1:
1446 case BFD_AUTH_TYPE_meticulous_keyed_sha1:
1450 const u32 seq_num = clib_net_to_host_u32 (((bfd_pkt_with_sha1_auth_t
1453 return bfd_verify_pkt_auth_seq_num (bs, seq_num,
1454 bfd_auth_type_is_meticulous
1455 (auth_key->auth_type))
1456 && bfd_verify_pkt_auth_key_sha1 (pkt, pkt_size, bs, bfd_key_id,
1462 ("Internal error, attempt to use SHA1 without SSL support");
1470 * @brief verify bfd packet - authentication
1474 * @return 1 if bfd packet is valid
1477 bfd_verify_pkt_auth (const bfd_pkt_t * pkt, u16 pkt_size, bfd_session_t * bs)
1479 if (bfd_pkt_get_auth_present (pkt))
1481 /* authentication present in packet */
1482 if (!bs->auth.curr_key)
1484 /* currently not using authentication - can we turn it on? */
1485 if (bs->auth.is_delayed && bs->auth.next_key)
1487 /* yes, switch is scheduled - make sure the auth is valid */
1488 if (bfd_verify_pkt_auth_key (pkt, pkt_size, bs,
1489 bs->auth.next_bfd_key_id,
1492 /* auth matches next key, do the switch, packet is valid */
1493 bfd_session_switch_auth_to_next (bs);
1500 /* yes, using authentication, verify the key */
1501 if (bfd_verify_pkt_auth_key (pkt, pkt_size, bs,
1502 bs->auth.curr_bfd_key_id,
1505 /* verification passed, packet is valid */
1510 /* verification failed - but maybe we need to switch key */
1511 if (bs->auth.is_delayed && bs->auth.next_key)
1513 /* delayed switch present, verify if that key works */
1514 if (bfd_verify_pkt_auth_key (pkt, pkt_size, bs,
1515 bs->auth.next_bfd_key_id,
1518 /* auth matches next key, switch key, packet is valid */
1519 bfd_session_switch_auth_to_next (bs);
1528 /* authentication in packet not present */
1529 if (pkt_size > sizeof (*pkt))
1531 BFD_ERR ("BFD verification failed - unexpected packet size '%d' "
1532 "(auth not present)", pkt_size);
1535 if (bs->auth.curr_key)
1537 /* currently authenticating - could we turn it off? */
1538 if (bs->auth.is_delayed && !bs->auth.next_key)
1540 /* yes, delayed switch to NULL key is scheduled */
1541 bfd_session_switch_auth_to_next (bs);
1547 /* no auth in packet, no auth in use - packet is valid */
1555 bfd_consume_pkt (bfd_main_t * bm, const bfd_pkt_t * pkt, u32 bs_idx)
1557 bfd_session_t *bs = bfd_find_session_by_idx (bm, bs_idx);
1562 BFD_DBG ("Scanning bfd packet, bs_idx=%d", bs->bs_idx);
1563 bs->remote_discr = pkt->my_disc;
1564 bs->remote_state = bfd_pkt_get_state (pkt);
1565 bs->remote_demand = bfd_pkt_get_demand (pkt);
1566 bs->remote_diag = bfd_pkt_get_diag_code (pkt);
1567 u64 now = clib_cpu_time_now ();
1568 bs->last_rx_clocks = now;
1569 if (bfd_pkt_get_auth_present (pkt))
1571 bfd_auth_type_e auth_type =
1572 ((bfd_pkt_with_common_auth_t *) (pkt))->common_auth.type;
1575 case BFD_AUTH_TYPE_reserved:
1577 case BFD_AUTH_TYPE_simple_password:
1579 case BFD_AUTH_TYPE_keyed_md5:
1581 case BFD_AUTH_TYPE_meticulous_keyed_md5:
1582 clib_warning ("Internal error, unexpected auth_type=%d:%s",
1583 auth_type, bfd_auth_type_str (auth_type));
1585 case BFD_AUTH_TYPE_keyed_sha1:
1587 case BFD_AUTH_TYPE_meticulous_keyed_sha1:
1590 bfd_pkt_with_sha1_auth_t *with_sha1 =
1591 (bfd_pkt_with_sha1_auth_t *) pkt;
1592 bs->auth.remote_seq_number =
1593 clib_net_to_host_u32 (with_sha1->sha1_auth.seq_num);
1594 bs->auth.remote_seq_number_known = 1;
1595 BFD_DBG ("Received sequence number %u",
1596 bs->auth.remote_seq_number);
1601 bs->remote_desired_min_tx_clocks =
1602 bfd_usec_to_clocks (bm, clib_net_to_host_u32 (pkt->des_min_tx));
1603 bs->remote_detect_mult = pkt->head.detect_mult;
1604 bfd_set_remote_required_min_rx (bm, bs, now,
1605 clib_net_to_host_u32 (pkt->req_min_rx));
1606 bfd_set_remote_required_min_echo_rx (bm, bs, now,
1607 clib_net_to_host_u32
1608 (pkt->req_min_echo_rx));
1611 if (bfd_pkt_get_final (pkt))
1613 if (BFD_POLL_IN_PROGRESS == bs->poll_state)
1615 BFD_DBG ("Poll sequence terminated, bs_idx=%u", bs->bs_idx);
1616 bfd_set_poll_state (bs, BFD_POLL_NOT_NEEDED);
1617 if (BFD_STATE_up == bs->local_state)
1619 bfd_set_effective_required_min_rx (bm, bs,
1620 clib_max (bs->echo *
1621 bm->min_required_min_rx_while_echo_clocks,
1622 bs->config_required_min_rx_clocks));
1625 else if (BFD_POLL_IN_PROGRESS_AND_QUEUED == bs->poll_state)
1628 * next poll sequence must be delayed by at least the round trip
1629 * time, so calculate that here
1631 BFD_DBG ("Next poll sequence can commence in " BFD_CLK_FMT,
1633 bs->poll_state_start_or_timeout_clocks));
1634 bs->poll_state_start_or_timeout_clocks =
1635 now + (now - bs->poll_state_start_or_timeout_clocks);
1637 ("Poll sequence terminated, but another is needed, bs_idx=%u",
1639 bfd_set_poll_state (bs, BFD_POLL_NEEDED);
1642 bfd_calc_next_tx (bm, bs, now);
1643 bfd_set_timer (bm, bs, now, 0);
1644 if (BFD_STATE_admin_down == bs->local_state)
1646 BFD_DBG ("Session is admin-down, ignoring packet, bs_idx=%u",
1650 if (BFD_STATE_admin_down == bs->remote_state)
1652 bfd_set_diag (bs, BFD_DIAG_CODE_neighbor_sig_down);
1653 bfd_set_state (bm, bs, BFD_STATE_down, 0);
1655 else if (BFD_STATE_down == bs->local_state)
1657 if (BFD_STATE_down == bs->remote_state)
1659 bfd_set_state (bm, bs, BFD_STATE_init, 0);
1661 else if (BFD_STATE_init == bs->remote_state)
1663 bfd_set_state (bm, bs, BFD_STATE_up, 0);
1666 else if (BFD_STATE_init == bs->local_state)
1668 if (BFD_STATE_up == bs->remote_state ||
1669 BFD_STATE_init == bs->remote_state)
1671 bfd_set_state (bm, bs, BFD_STATE_up, 0);
1674 else /* BFD_STATE_up == bs->local_state */
1676 if (BFD_STATE_down == bs->remote_state)
1678 bfd_set_diag (bs, BFD_DIAG_CODE_neighbor_sig_down);
1679 bfd_set_state (bm, bs, BFD_STATE_down, 0);
1685 bfd_consume_echo_pkt (bfd_main_t * bm, vlib_buffer_t * b)
1687 bfd_echo_pkt_t *pkt = NULL;
1688 if (b->current_length != sizeof (*pkt))
1692 pkt = vlib_buffer_get_current (b);
1693 bfd_session_t *bs = bfd_find_session_by_disc (bm, pkt->discriminator);
1698 BFD_DBG ("Scanning bfd echo packet, bs_idx=%d", bs->bs_idx);
1700 bfd_calc_echo_checksum (bs->local_discr, pkt->expire_time_clocks,
1702 if (checksum != pkt->checksum)
1704 BFD_DBG ("Invalid echo packet, checksum mismatch");
1707 u64 now = clib_cpu_time_now ();
1708 if (pkt->expire_time_clocks < now)
1710 BFD_DBG ("Stale packet received, expire time %lu < now %lu",
1711 pkt->expire_time_clocks, now);
1715 bs->echo_last_rx_clocks = now;
1721 format_bfd_session (u8 * s, va_list * args)
1723 const bfd_session_t *bs = va_arg (*args, bfd_session_t *);
1724 uword indent = format_get_indent (s);
1725 s = format (s, "bs_idx=%u local-state=%s remote-state=%s\n"
1726 "%Ulocal-discriminator=%u remote-discriminator=%u\n"
1727 "%Ulocal-diag=%s echo-active=%s\n"
1728 "%Udesired-min-tx=%u required-min-rx=%u\n"
1729 "%Urequired-min-echo-rx=%u detect-mult=%u\n"
1730 "%Uremote-min-rx=%u remote-min-echo-rx=%u\n"
1731 "%Uremote-demand=%s poll-state=%s\n"
1732 "%Uauth: local-seq-num=%u remote-seq-num=%u\n"
1733 "%U is-delayed=%s\n"
1736 bs->bs_idx, bfd_state_string (bs->local_state),
1737 bfd_state_string (bs->remote_state), format_white_space, indent,
1738 bs->local_discr, bs->remote_discr, format_white_space, indent,
1739 bfd_diag_code_string (bs->local_diag),
1740 (bs->echo ? "yes" : "no"), format_white_space, indent,
1741 bs->config_desired_min_tx_usec, bs->config_required_min_rx_usec,
1742 format_white_space, indent, 1, bs->local_detect_mult,
1743 format_white_space, indent, bs->remote_min_rx_usec,
1744 bs->remote_min_echo_rx_usec, format_white_space, indent,
1745 (bs->remote_demand ? "yes" : "no"),
1746 bfd_poll_state_string (bs->poll_state), format_white_space,
1747 indent, bs->auth.local_seq_number, bs->auth.remote_seq_number,
1748 format_white_space, indent,
1749 (bs->auth.is_delayed ? "yes" : "no"), format_white_space,
1750 indent, format_bfd_auth_key, bs->auth.curr_key,
1751 format_white_space, indent, format_bfd_auth_key,
1757 bfd_auth_type_supported (bfd_auth_type_e auth_type)
1759 if (auth_type == BFD_AUTH_TYPE_keyed_sha1 ||
1760 auth_type == BFD_AUTH_TYPE_meticulous_keyed_sha1)
1768 bfd_auth_activate (bfd_session_t * bs, u32 conf_key_id,
1769 u8 bfd_key_id, u8 is_delayed)
1771 bfd_main_t *bm = &bfd_main;
1772 const uword *key_idx_p =
1773 hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
1776 clib_warning ("Authentication key with config ID %u doesn't exist)",
1778 return VNET_API_ERROR_BFD_ENOENT;
1780 const uword key_idx = *key_idx_p;
1781 bfd_auth_key_t *key = pool_elt_at_index (bm->auth_keys, key_idx);
1784 if (bs->auth.next_key == key)
1786 /* already using this key, no changes required */
1789 bs->auth.next_key = key;
1790 bs->auth.next_bfd_key_id = bfd_key_id;
1791 bs->auth.is_delayed = 1;
1795 if (bs->auth.curr_key == key)
1797 /* already using this key, no changes required */
1800 if (bs->auth.curr_key)
1802 --bs->auth.curr_key->use_count;
1804 bs->auth.curr_key = key;
1805 bs->auth.curr_bfd_key_id = bfd_key_id;
1806 bs->auth.is_delayed = 0;
1809 BFD_DBG ("\nSession auth modified: %U", format_bfd_session, bs);
1814 bfd_auth_deactivate (bfd_session_t * bs, u8 is_delayed)
1819 /* not delayed - deactivate the current key right now */
1820 if (bs->auth.curr_key)
1822 --bs->auth.curr_key->use_count;
1823 bs->auth.curr_key = NULL;
1825 bs->auth.is_delayed = 0;
1829 /* delayed - mark as so */
1830 bs->auth.is_delayed = 1;
1833 * clear the next key unconditionally - either the auth change is not delayed
1834 * in which case the caller expects the session to not use authentication
1835 * from this point forward, or it is delayed, in which case the next_key
1836 * needs to be set to NULL to make it so in the future
1838 if (bs->auth.next_key)
1840 --bs->auth.next_key->use_count;
1841 bs->auth.next_key = NULL;
1843 BFD_DBG ("\nSession auth modified: %U", format_bfd_session, bs);
1846 clib_warning ("SSL missing, cannot deactivate BFD authentication");
1847 return VNET_API_ERROR_BFD_NOTSUPP;
1852 bfd_session_set_params (bfd_main_t * bm, bfd_session_t * bs,
1853 u32 desired_min_tx_usec,
1854 u32 required_min_rx_usec, u8 detect_mult)
1856 if (bs->local_detect_mult != detect_mult ||
1857 bs->config_desired_min_tx_usec != desired_min_tx_usec ||
1858 bs->config_required_min_rx_usec != required_min_rx_usec)
1860 BFD_DBG ("\nChanging session params: %U", format_bfd_session, bs);
1861 switch (bs->poll_state)
1863 case BFD_POLL_NOT_NEEDED:
1864 if (BFD_STATE_up == bs->local_state ||
1865 BFD_STATE_init == bs->local_state)
1867 /* poll sequence is not needed for detect multiplier change */
1868 if (bs->config_desired_min_tx_usec != desired_min_tx_usec ||
1869 bs->config_required_min_rx_usec != required_min_rx_usec)
1871 bfd_set_poll_state (bs, BFD_POLL_NEEDED);
1875 case BFD_POLL_NEEDED:
1876 case BFD_POLL_IN_PROGRESS_AND_QUEUED:
1878 * nothing to do - will be handled in the future poll which is
1879 * already scheduled for execution
1882 case BFD_POLL_IN_PROGRESS:
1883 /* poll sequence is not needed for detect multiplier change */
1884 if (bs->config_desired_min_tx_usec != desired_min_tx_usec ||
1885 bs->config_required_min_rx_usec != required_min_rx_usec)
1887 BFD_DBG ("Poll in progress, queueing extra poll, bs_idx=%u",
1889 bfd_set_poll_state (bs, BFD_POLL_IN_PROGRESS_AND_QUEUED);
1893 bs->local_detect_mult = detect_mult;
1894 bs->config_desired_min_tx_usec = desired_min_tx_usec;
1895 bs->config_desired_min_tx_clocks =
1896 bfd_usec_to_clocks (bm, desired_min_tx_usec);
1897 bs->config_required_min_rx_usec = required_min_rx_usec;
1898 bs->config_required_min_rx_clocks =
1899 bfd_usec_to_clocks (bm, required_min_rx_usec);
1900 BFD_DBG ("\nChanged session params: %U", format_bfd_session, bs);
1902 vlib_process_signal_event (bm->vlib_main, bm->bfd_process_node_index,
1903 BFD_EVENT_CONFIG_CHANGED, bs->bs_idx);
1907 BFD_DBG ("Ignore parameter change - no change, bs_idx=%u", bs->bs_idx);
1913 bfd_auth_set_key (u32 conf_key_id, u8 auth_type, u8 key_len,
1914 const u8 * key_data)
1917 bfd_auth_key_t *auth_key = NULL;
1918 if (!key_len || key_len > bfd_max_len_for_auth_type (auth_type))
1920 clib_warning ("Invalid authentication key length for auth_type=%d:%s "
1921 "(key_len=%u, must be "
1922 "non-zero, expected max=%u)",
1923 auth_type, bfd_auth_type_str (auth_type), key_len,
1924 (u32) bfd_max_len_for_auth_type (auth_type));
1925 return VNET_API_ERROR_INVALID_VALUE;
1927 if (!bfd_auth_type_supported (auth_type))
1929 clib_warning ("Unsupported auth type=%d:%s", auth_type,
1930 bfd_auth_type_str (auth_type));
1931 return VNET_API_ERROR_BFD_NOTSUPP;
1933 bfd_main_t *bm = &bfd_main;
1934 uword *key_idx_p = hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
1937 /* modifying existing key - must not be used */
1938 const uword key_idx = *key_idx_p;
1939 auth_key = pool_elt_at_index (bm->auth_keys, key_idx);
1940 if (auth_key->use_count > 0)
1942 clib_warning ("Authentication key with conf ID %u in use by %u BFD "
1943 "session(s) - cannot modify",
1944 conf_key_id, auth_key->use_count);
1945 return VNET_API_ERROR_BFD_EINUSE;
1950 /* adding new key */
1951 pool_get (bm->auth_keys, auth_key);
1952 auth_key->conf_key_id = conf_key_id;
1953 hash_set (bm->auth_key_by_conf_key_id, conf_key_id,
1954 auth_key - bm->auth_keys);
1956 auth_key->auth_type = auth_type;
1957 memset (auth_key->key, 0, sizeof (auth_key->key));
1958 clib_memcpy (auth_key->key, key_data, key_len);
1961 clib_warning ("SSL missing, cannot manipulate authentication keys");
1962 return VNET_API_ERROR_BFD_NOTSUPP;
1967 bfd_auth_del_key (u32 conf_key_id)
1970 bfd_auth_key_t *auth_key = NULL;
1971 bfd_main_t *bm = &bfd_main;
1972 uword *key_idx_p = hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
1975 /* deleting existing key - must not be used */
1976 const uword key_idx = *key_idx_p;
1977 auth_key = pool_elt_at_index (bm->auth_keys, key_idx);
1978 if (auth_key->use_count > 0)
1980 clib_warning ("Authentication key with conf ID %u in use by %u BFD "
1981 "session(s) - cannot delete",
1982 conf_key_id, auth_key->use_count);
1983 return VNET_API_ERROR_BFD_EINUSE;
1985 hash_unset (bm->auth_key_by_conf_key_id, conf_key_id);
1986 memset (auth_key, 0, sizeof (*auth_key));
1987 pool_put (bm->auth_keys, auth_key);
1992 clib_warning ("Authentication key with conf ID %u does not exist",
1994 return VNET_API_ERROR_BFD_ENOENT;
1998 clib_warning ("SSL missing, cannot manipulate authentication keys");
1999 return VNET_API_ERROR_BFD_NOTSUPP;
2003 bfd_main_t bfd_main;
2006 * fd.io coding-style-patch-verification: ON
2009 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob